An industry group formed to promote trust between consumers and websites will begin certifying adware programs starting next year, the organization announced on Wednesday.
The group, TRUSTe, will put programs that meet certain criteria - such as only installing themselves after users accept an explicit agreement and allowing …

Arizona authorities this week charged suspected members of a criminal ring thought responsible for 10 per cent of all fake money in the state after some members sent a printer, jammed with counterfeit bills, out for repair.
A three-month investigation by the U.S. Secret Service and the local sheriff's office nabbed 10 suspects …

A trio of entrepreneurial hackers hope to do for the business of password cracking what Google did for search and, in the process, may remove the last vestiges of security from many password systems.
Over the past two years, three security enthusiasts from the United States and Europe set a host of computers to the task of …

In what prosecutors have labeled the first case of its kind in the nation, a federal grand jury charged Jeanson James Ancheta with 17 counts of conspiracy and computer crime stemming from his alleged profitable use of bot nets. Over nearly a year, Ancheta allegedly used automated software to infect Windows systems, advertised …

The latest variant of SDBot spreads through America Online instant messaging software (AIM) and installs surreptitious remote control software on victims' computers, focusing the media on security experts' concerns that instant messaging will become the next popular vector for these programs.
The program - known as W32.Loxbot.B …

Security firm iDefense, a subsidiary of VeriSign, announced on Friday the recipients of two rounds of bonuses rewarding the most prolific researchers taking part in the firm's Vulnerability Contributor Program (VCP).
The researchers split $40,000 in bonuses: Three people divvied up $10,000 awarded to the top flaw finders for …

The recent arrests of three men in The Netherlands who allegedly controlled a network of more than 100,000 compromised computers will not likely curtail the criminal economy surrounding so-called bot nets, security experts said this week. The arrests, announced last week by The Netherlands' National Prosecution Service, follow …

Consumers embarking on a shopping spree may be able to leave their wallets behind in the near future, despite some security and privacy experts' concerns. This week, Pay By Touch Solutions, a San Francisco-based firm whose system allows customers to pay at participating grocery stores with the press of a finger, announced that …

A federally funded group of voting system experts called on the United States' Election Assistance Commission, which oversees the nation's state-run elections, to revamp its recommended process for evaluating the security of electronic voting devices.
In comments published last week, the ten researchers that collectively make …

The Mozilla Foundation's Firefox browser successfully took market share away from software giant Microsoft's Internet Explorer over the past 18 months, but has found that popularity comes with growing pains.
When Microsoft fixes problems, the public generally doesn't know about them. For Firefox, the nature of the process means …

Eavesdroppers armed with a shotgun microphone or a small recording device could make off with a computer user's sensitive documents and data, three university researchers said in a paper released this week.
The researchers, from the University of California at Berkeley, found that a 10-minute recording of a person typing at the …

Microsoft's decision to cancel a security fix after finding problems with the patch has security experts questioning whether waiting for the fix to come next month might leave them open to attack.
The concerns come after Microsoft announced last Thursday that a critical fix for the Windows operating system would be distributed …

Fernando Gont is nothing if not tenacious.
Earlier this year, the Argentinian researcher highlighted several attacks that could disrupt network connections using the Internet control message protocol, or ICMP, and proposed four changes to the structure and handling of network-data packets that would essentially eliminate the …

Last week, the Internet Storm Center, a group of security professionals that track threats on the Net, flagged a flaw in how a common Microsoft Windows utility and several anti-spyware utilities detect system changes made by malicious software. By using long names for registry keys, spyware programs could, in a simple way, hide …

Law enforcement officials in Turkey and Morocco arrested two men in connection with the recent release of the Zotob worm, the FBI announced. Local authorities arrested 18-year-old Farid Essebar in Morocco and 21-year-old Atilla Ekici in Turkey on Thursday, according to the FBI. The U.S. law enforcement agency believes that …

Microsoft's experimental Honeymonkey project has found almost 750 web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month.
Known more formally as the Strider Honeymonkey …

LAS VEGAS--The weekend-long Capture the Flag tournament stressed code auditing as a measure of hacking skill this year, a move that emphasized more real-world skills, but not without controversy.
The annual Capture the Flag tournament at DEF CON has always attracted participants from a variety of backgrounds, looking to try their …

LAS VEGAS--In a room at the Alexis Park Hotel, a nightmare scenario for Cisco has begun to unfold.
It's Saturday night, a time for blowout parties at the annual DEF CON hacker convention, including the Goth-flavored Black and White Ball. But a half dozen researchers in the nondescript room quietly drink, stare at the screens of …

LAS VEGAS--A researcher who showed off a way to remotely compromise Cisco routers has to turn over all materials and agree not to further disseminate information on the flaws or the technique he used to run code on the popular network hardware.
The settlement, finalized Thursday afternoon, brought to a close a controversy that …

LAS VEGAS--Networking giant Cisco and security company Internet Security Systems filed on Wednesday a restraining order against the management of the Black Hat Conference and a security expert who told conference attendees that attackers can broadly compromise Cisco routers.
The legal action followed a presentation by security …

TippingPoint, a division of networking giant 3Com, plans to pay researchers for information about unannounced vulnerabilities in major systems and software and will add bonuses for prolific flaw finders, the company announced on Monday.
Under the program, dubbed the Zero Day Initiative (ZDI), researchers will submit details of …

Claiming that Oracle has failed to fix six vulnerabilities despite having more than 650 days to issue a patch, researchers at security firm Red Database Security published details of the flaws on Tuesday.
The flaws vary in severity with three of the six classified by the firm as high risk, potentially allowing a remote attacker …

Privacy-sensitive US citizens aiming to get their government-mandated annual free credit reports have to be careful not to endanger their sensitive data instead, stated a report released last Thursday.
More than 200 domains with similar spellings to the official AnnualCreditReport.com site have been registered by private …

Software maker Opera's decision to support BitTorrent has added to some security experts' worries that applications which require open connections through firewalls are becoming increasingly popular.
Last week, the Norwegian company revealed that its latest technical preview adds support for downloading BitTorrent files, or …

A programming error in the University of Southern California's online system for accepting applications from prospective students left the personal information of users publicly accessible, school officials confirmed this week.
The flaw put at risk "hundreds of thousands" of records containing personal information, including …

When Microsoft released limited information on a critical vulnerability in Internet Explorer last month, reverse engineer Halvar Flake decided to dig deeper.
Using his company's tool for analyzing the differences in the patched and unpatched versions of a program, Flake pinpointed the portable networked graphics (PNG) …

More open-source software projects are gaining the benefits of the latest code-checking software, as the programs' makers look to prove their worth.
On Tuesday, code-analysis software maker Coverity announced that its automated bug finding tool had analyzed the community-built operating system FreeBSD and flagged 306 potential …

Online fraudsters have started targeting smaller banks and credit unions in hopes of fooling a larger percentage of customers, according to groups that monitor phishing activity.
Last week, Internet security firm Netcraft published an advisory warning that the number of phishing attacks aimed at smaller financial institutions …

Software makers stand to lose significant market value whenever a flaw is found in their products, two university researchers said in a paper published last week.
The study analyzed the release of 146 vulnerabilities and found that a software company's stock price decreases 0.63 percent compared to the tech-heavy NASDAQ on the …

The uneven skills of driver programmers have left a legion of holes in software that ships with Windows and Linux, security experts say.
Operating system vendors and hardware makers should commit more resources toward systematically auditing Windows and Linux device-driver code for flaws, security researchers say.
While buffer …

The Witty worm, which infected more than 12,000 servers a year ago, came from a single computer in Europe and used a US military base's vulnerable systems to kick-start the epidemic, according to an analysis released by three researchers this week.
The researchers combined records from the initial spread of the Witty worm along …

Groups fighting against online criminals intent on phishing have gained allies from another species of underground miscreant: website defacers.
On Thursday, Internet monitoring firm Netcraft reported that some users of the company's anti-phishing toolbar followed links to fake financial sites only to find them defaced with anti …

Researchers for the software giant are building a system of Windows XP clients that crawl the web finding sites that use unreported vulnerabilities to compromise unsuspecting users, writes SecurityFocus's Robert Lemos.
Researchers at Microsoft are creating their own version of a million monkeys to crawl the internet looking for …

The Mozilla Foundation's Firefox web browser has made security a major part of its marketing, but a spate of vulnerabilities found over the last nine months had sullied that message.
In the latest incident, a 16-year-old security researcher - who asked only to be identified by his first name, Paul - found three vulnerabilities …

Microsoft opened up a new line of communication to its customers on Tuesday, pledging to provide more authoritative information about incidents involving, and changes to, the company's products that could affect customers' security.
The information will be distributed as needed in the form of security advisories, which will be …

Advances in genetic circuits may mean that virologists will have to look at the mechanics of Internet worms for a model of future threats.
Recent technological advances in so-called genetic circuits have brought closer a world where cells and viruses could be modified to more effectively serve humans, but also have raised …

Large companies are reconsidering their security and backup policies after a handful of financial and information-technology companies have admitted that tapes holding unencrypted customer data have gone missing.
Last week, trading firm Ameritrade acknowledged that the company that handles its backup data had lost a tape …

Can trusted computing hardware deliver security without locking out competition, asks SecurityFocus's Robert Lemos.
The next version of Windows, codenamed "Longhorn," will have security features to take advantage of the trusted computing hardware now showing up in the marketplace, Microsoft executives announced on Monday.
The …

Would-be workers need to be more cautious with resume services and posting their personal information online. Online fraudsters and scammers are waiting.
Online fraudsters are increasingly taking advantage of vulnerable job seekers by using online résumés to steal their identity, a privacy expert warned this week.
The threats …

SEATTLE - Privacy advocates took the US government to task last week for the government's plans to add wireless chips to next-generation passports.
The concerns focus on the US government's initiative to create machine-readable passports that will be rolled out to the diplomatic corps this year and to the general public …

High-school students have a message for their parents: Trust us with technology. Security and privacy? We have it covered.
A panel of teenagers speaking at the Computers, Freedom and Privacy Conference told attendees on Friday that they are far more in tune with technology than their parents and have come to understand the …

Employees at more than 500 companies have fallen victim to domain attacks in the last month, underscoring the increasing popularity of the tactic among Internet fraudsters, security experts said this week.
The attacks aim to redirect consumers to potentially malicious web servers by changing the records used to convert domain …

Database maker Sybase will likely drop legal threats against a UK-based security company this week, allowing the company to publish details on six flaws, a source familiar with the negotiations said on Monday.
The potential agreement between Sybase and Next-Generation Security Software comes after a two-week dispute over …